Practice Test Bank Google Deck Flashcards

1
Q

Your client created an Identity and Access
Management (IAM) resource hierarchy
with Google Cloud when the company was
a startup. Your client has grown and now
has multiple departments and teams. You want to recommend a resource hierarchy that follows Google-recommended practices.
What should you do?
A. Keep all resources in one project, and use a flat resource hierarchy to reduce complexity and simplify management.
B. Keep all resources in one project, but change the resource hierarchy to reflect company organization.
C. Use a flat resource hierarchy and multiple projects with established trust boundaries.
D. Use multiple projects with established trust boundaries, and change the resource hierarchy to reflect company organization.

A

Feedback:
A. Incorrect. Mirror your Google Cloud resource hierarchy structure to match your
organization structure. Use projects to group resources that share the same trust
boundary.
B. Incorrect. Use projects to group resources that share the same trust boundary.
C. Incorrect. Mirror your Google Cloud resource hierarchy structure to match your
organization structure.
D. Correct! Because the environment has evolved, update the IAM resource hierarchy
to reflect the changes. Use projects to group resources that share the same trust
boundary.
Where to look:
https://cloud.google.com/iam/docs/resource-hierarchy-access-control
https://cloud.google.com/iam/docs/resource-hierarchy-access-control#best_practices
Summary:
Best practices are incredibly important for Identity and Access Management (IAM).
You encountered two best-practice rules in this question, but you should be familiar
with the rest. Look at the best practices in more detail in Google documentation.

2
Q

Cymbal Direct’s social media app must
run in a separate project from its APIs
and web store. You want to use Identity
and Access Management (IAM) to ensure a secure environment.
How should you set up IAM?

A. Use separate service accounts for each component (social media app, APIs, and web store) with basic roles to grant access.
B. Use one service account for all components (social media app, APIs, and web store) with basic roles to grant access.
C. Use separate service accounts for each component (social media app, APIs, and web store) with predefined or custom roles to grant access.
D. Use one service account for all components (social media app, APIs, and web store) with predefined or custom roles to grant access.

A

Feedback:
A. Incorrect. Basic roles include thousands of permissions across all Google Cloud
services. In production environments, do not grant basic roles unless there is no
alternative.
B. Incorrect. Treat each component of your application as a separate trust boundary. If
multiple services require different permissions, create a separate service account for
each service, and then grant only the required permissions to each service account.
Basic roles include thousands of permissions across all Google Cloud services. In
production environments, do not grant basic roles unless there is no alternative.
C. Correct! Using separate service accounts for each component allows you to grant only the access needed to each service account with either a predefined or custom role.
D. Incorrect. Treat each component of your application as a separate trust boundary.
If multiple services require different permissions, create a separate service account
for each service, and then grant only the required permissions to each service
account.
Where to look:
https://cloud.google.com/blog/products/identity-security/iam-best-practice-guides-available-now
Summary:
Using IAM and designing the best environmental approach largely relies on abiding by the “principle of least privilege.” This question included some of the recommended
practices. Treat each component of your application as a separate trust boundary. If
multiple services require different permissions, create a separate service account for
each service, and then grant each the least permissions possible. Basic roles include
thousands of permissions across all Google Cloud services, so using them probably
provides more abilities than necessary. In production environments, do not grant basic
roles unless there is no alternative. A checklist you can use to ensure best practices
is available here: https://cloud.google.com/iam/docs/using-iam-securely

3
Q

Michael is the owner/operator of “Zneeks,” a retail shoe store that caters to sneaker aficionados. He regularly works with customers who order small batches of custom shoes. Michael is interested in using Cymbal Direct to manufacture and ship custom batches of shoes to these customers. Reasonably tech-savvy but not a developer, Michael likes using Cymbal Direct’s partner purchase portal but wants the process to be easy.
What is an example of a user story that
could describe Michael’s persona?
A. As a shoe retailer, Michael wants to send Cymbal Direct custom purchase orders so that batches of custom shoes are sent to his customers.
B. Michael is a tech-savvy owner/operator of a small business.
C. Zneeks is a retail shoe store that caters to sneaker aficionados.
D. Michael is reasonably tech-savvy but needs Cymbal Direct’s partner purchase portal to be easy.

A

A. Correct! “As a [type of user], I want to [do something] so that I can [get some benefit]” is the standard format for a user story.
B. Incorrect. This describes aspects of the user but not what they want to do or the
benefit the user would receive.
C. Incorrect. This does not describe the user, what they want to do, or the benefit the
user would receive.
D. Incorrect. This does not describe what he wants to do with the partner portal.
Where to look:
https://sre.google/workbook/engagement-model/
Summary:
User stories describe one thing a user wants the system to do. Stories are written in a
simple structure, typically using the format: “As a [type of user], I want to [do
something] so that I can [get some benefit].” Stories should be simple, small, and
testable and represent something that actually has value. A user can have multiple
stories associated with them, but the stories should be atomic so no story depends on
another.

4
Q

Cymbal Direct has an application running
on a Compute Engine instance. You need
to give the application access to
several Google Cloud services. You do
not want to keep any credentials on
the VM instance itself.
What should you do?
A. Create a service account for each of the services the VM needs to access. Associate the service accounts with the Compute Engine instance.
B. Create a service account and assign it the project owner role, which enables access to any needed service.
C. Create a service account for the instance. Use Access scopes to enable access to the required services.
D. Create a service account with one or more predefined or custom roles, which give access to the required services.

A

Feedback:
A. Incorrect. A Compute Engine instance is associated with only one service account.
B. Incorrect. This violates the “principle of least privilege” because assigning the project owner role gives access to unnecessary services.
C. Incorrect. Access scopes are a legacy mechanism that only narrows the OAuth scopes of the token the VM can obtain; they grant no permissions on their own. The recommended practice is to attach a user-managed service account with the cloud-platform scope and control what it can do with IAM roles.
D. Correct! This gives the flexibility and granularity needed to allow access to multiple
services, without giving access to unnecessary services.
Where to look:
https://cloud.google.com/compute/docs/access/service-accounts

Summary:
A service account is a special kind of account used by an application, service, or a virtual machine (VM) instance, not a person. Applications or services use service accounts to authenticate and make authorized API calls. To give access to a service or resource, grant the relevant IAM role to the service account. Another aspect should also be considered: controlling who can use the service account. Grant the Service Account User role (roles/iam.serviceAccountUser) only to the principals you trust to attach the service account to resources, because anyone who can act as a service account effectively holds all of its permissions.

5
Q

Cymbal Direct wants to use Identity and
Access Management (IAM) to allow
employees to have access to Google
Cloud resources and services based
on their job roles. Several employees
are project managers and want to
have some level of access to see what
has been deployed. The security team
wants to ensure that securing the
environment and managing resources is
simple so that it will scale.
What approach should you use?

A. Grant access by assigning custom roles
to groups. Use multiple groups for
better control. Give access as low in the
hierarchy as possible to prevent the inheritance of too many abilities from a higher level.
B. Grant access by assigning predefined roles to groups. Use multiple groups for better control. Give access as low in the hierarchy as possible to prevent the inheritance of too many abilities from a higher level.
C. Give access directly to each individual for more granular control. Give access as low in the hierarchy as possible to prevent the inheritance of too many abilities from a higher level.
D. Grant access by assigning predefined roles to groups. Use multiple groups for better control. Make sure you give out access to all the children in a hierarchy under the level needed, because child resources
will not automatically inherit abilities.

A

A. Incorrect. Unless there is a specific need for a custom role, you should use predefined ones.
B. Correct! This follows recommended practices for granting access in the IAM resource hierarchy: predefined roles, granted to groups, at the lowest level of the hierarchy that meets the need.
C. Incorrect. Whenever possible, use groups to manage access. It is much easier to add or remove individuals from groups than manage permissions at the individual level.
D. Incorrect. Access is inherited by the descendants of a resource like a project or
folder. You can give out more access at a lower level but cannot restrict access inherited from a parent.
Where to look:
https://cloud.google.com/iam/docs/resource-hierarchy-access-control

Summary:
Set policies at the organization and project level. As new resources are added, they automatically inherit the policies of their parents. This simplifies managing policies and keeps permissions consistent. When adding a policy on a child resource, consider the access already granted by the parent: children inherit abilities and cannot restrict them. Always apply the principle of least privilege, granting minimal access and avoiding the Owner and Editor basic roles. The predefined roles are designed to cover most use cases for resources; use custom roles only where you need an exception and no predefined role meets your use case.

6
Q

You have several Compute Engine instances running NGINX and Tomcat for a web application. In your web server logs, many login failures come from a single IP address, which looks like a brute force attack.
How can you block this traffic?
A. Edit the Compute Engine instances running your web application, and
enable Google Cloud Armor. Create a Google Cloud Armor policy with a
default rule action of “Allow.” Add a new rule that specifies the IP address
causing the login failures as the Condition, with an action of “Deny” and a
deny status of “403,” and accept the default priority (1000).
B. Ensure that an HTTP(S) load balancer is configured to send traffic to the backend Compute Engine instances
running your web server. Create a Google Cloud Armor policy with a default rule action of “Deny.” Add a new
rule that specifies the IP address causing the login failures as the Condition, with an action of “Deny” and a deny
status of “403,” and accept the default priority (1000). Add the load balancer backend service’s HTTP-backend
as the target.
C. Ensure that an HTTP(S) load balancer is configured to send traffic to the backend Compute Engine instances
running your web server. Create a Google Cloud Armor policy with a default rule action of “Allow.” Add a new rule that specifies the IP address causing the login failures as the Condition, with an action of “Deny” and a deny
status of “403,” and accept the default priority (1000). Add the load balancer backend service’s HTTP-backend
as the target.
D. Ensure that an HTTP(S) load balancer is configured to send traffic to your backend Compute Engine instances
running your web server. Create a Google Cloud Armor policy using the instance’s local firewall with a default
rule action of “Allow.” Add a new local firewall rule that specifies the IP address causing the login failures as the
Condition, with an action of “Deny” and a deny status of “403,” and accept the default priority (1000).

A

A. Incorrect. Google Cloud Armor can’t be associated directly with a Compute Engine
instance; it is applied at the edge through an external HTTP(S) load balancer (or a Cloud CDN-enabled backend).
B. Incorrect. A default rule action of “Deny” would block all access. The additional rule
is redundant.
C. Correct! A Google Cloud Armor rule that denies the offending IP address on the load balancer’s backend service blocks that traffic at Google’s edge, before it reaches your instances.
D. Incorrect. Google Cloud Armor policies are not configured through an instance’s local
firewall; they are attached to load balancer backend services and block traffic before it enters your VPC, which also keeps the load off your systems.
Where to look:
https://cloud.google.com/armor/docs/cloud-armor-overview

Summary:
Google Cloud Armor offers built-in DDoS protection and protection against
application-aware attacks such as cross-site scripting and SQL injection. Google
Cloud Armor is integrated into global HTTP(S) load balancing. Google Cloud Armor is
based on the same technologies and global infrastructure used to protect Google’s
own services. Google Cloud Armor’s security policies enable the access or denial of
requests at the load balancers. Google Cloud Armor blocks unwelcome traffic before it
gets to your VPC networks and incurs costs.
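The difference between options B and C above comes down to how a Cloud Armor policy is evaluated: rules are checked from the lowest priority number upward, the first match decides, and the default rule sits at the fixed priority 2147483647 and matches everything. The following Python model is an added example for this deck, not Google code; the attacker address (203.0.113.7), the policy names and the backend service name are constructed test data. The gcloud commands it emits are the ones used to build and attach such a policy; check the flags against the current gcloud reference before running them.

```python
"""Model Cloud Armor security-policy evaluation for the brute-force question.

Added example for this deck, not Google code. Rules are evaluated from the lowest
priority number upward and the first match decides; the default rule has the fixed
priority 2147483647 and matches everything. IPs and names are constructed test data.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

DEFAULT_RULE_PRIORITY = 2_147_483_647
ATTACKER_IP = "203.0.113.7"  # constructed: the single source of the login failures


@dataclass(frozen=True)
class Rule:
    priority: int                            # lower number is evaluated first; unique per policy
    action: str                              # "allow", "deny-403", "deny-404" or "deny-502"
    src_ip_ranges: tuple[str, ...] = ("*",)  # basic match on source IP/CIDR; "*" means any
    description: str = ""


@dataclass
class SecurityPolicy:
    name: str
    rules: list[Rule]

    def __post_init__(self) -> None:
        priorities = [r.priority for r in self.rules]
        if len(priorities) != len(set(priorities)):
            raise ValueError("rule priorities must be unique within a policy")
        if DEFAULT_RULE_PRIORITY not in priorities:
            raise ValueError("a policy always carries a default rule")

    def evaluate(self, client_ip: str) -> Rule:
        """Return the first rule, in ascending priority order, whose match covers client_ip."""
        ip = ipaddress.ip_address(client_ip)
        for rule in sorted(self.rules, key=lambda r: r.priority):
            for cidr in rule.src_ip_ranges:
                if cidr == "*" or ip in ipaddress.ip_network(cidr, strict=False):
                    return rule
        raise AssertionError("unreachable: the default rule matches every address")


def blocked(policy: SecurityPolicy, client_ip: str) -> bool:
    return policy.evaluate(client_ip).action.startswith("deny")


def policy_option_b() -> SecurityPolicy:
    """Option B: default deny plus a deny rule for the attacker. The extra rule is redundant."""
    return SecurityPolicy("brute-force-b", [
        Rule(DEFAULT_RULE_PRIORITY, "deny-403", description="default rule"),
        Rule(1000, "deny-403", (ATTACKER_IP,), "block brute-force source"),
    ])


def policy_option_c() -> SecurityPolicy:
    """Option C: default allow, deny only the attacker at the default new-rule priority 1000."""
    return SecurityPolicy("brute-force-c", [
        Rule(DEFAULT_RULE_PRIORITY, "allow", description="default rule"),
        Rule(1000, "deny-403", (ATTACKER_IP,), "block brute-force source"),
    ])


def gcloud_commands(policy: SecurityPolicy, backend_service: str) -> list[str]:
    """gcloud equivalent of the policy, ending with attaching it to the LB backend service."""
    cmds = [f"gcloud compute security-policies create {policy.name}"]
    for rule in sorted(policy.rules, key=lambda r: r.priority):
        if rule.priority == DEFAULT_RULE_PRIORITY:
            cmds.append(f"gcloud compute security-policies rules update {rule.priority} "
                        f"--security-policy={policy.name} --action={rule.action}")
        else:
            cmds.append(f"gcloud compute security-policies rules create {rule.priority} "
                        f"--security-policy={policy.name} "
                        f"--src-ip-ranges={','.join(rule.src_ip_ranges)} "
                        f"--action={rule.action} --description='{rule.description}'")
    cmds.append(f"gcloud compute backend-services update {backend_service} "
                f"--security-policy={policy.name} --global")
    return cmds


if __name__ == "__main__":
    for policy in (policy_option_b(), policy_option_c()):
        for ip in (ATTACKER_IP, "198.51.100.20"):   # attacker, then a legitimate customer
            rule = policy.evaluate(ip)
            print(f"{policy.name}: {ip} -> {rule.action} (priority {rule.priority})")
    print("\n".join(gcloud_commands(policy_option_c(), "web-backend")))
```

Running it shows option B returning deny-403 for the legitimate customer as well as the attacker, while option C denies only 203.0.113.7 and falls through to the default allow for everyone else. The same first-match order is why a new allow rule for a partner’s range must be given a lower priority number than any broader deny rule it is meant to punch through.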

7
Q

Cymbal Direct needs to make sure its new social media integration service can’t be accessed directly from the public internet.
You want to allow access only through the web frontend store.
How can you prevent access to the social media integration service from the outside world, but still allow it to reach the APIs of the social media services?

A. Remove external IP addresses from the VM instances running the social media service and place them in a private VPC behind Cloud NAT. Any SSH connection for management should be done with Identity-Aware Proxy (IAP) or a bastion host (jump box) after allowing SSH access from IAP or a corporate network.

B. Limit access to the external IP addresses of the VM instances using firewall rules and place them in a private VPC behind Cloud NAT. Any SSH connection for management should be done with Identity-Aware Proxy (IAP) or a bastion host (jump box) after allowing SSH access from IAP or a corporate network.

C. Limit access to the external IP addresses of the VM instances using a firewall rule to block all outbound traffic. Any SSH connection for management should be done with
Identity-Aware Proxy (IAP) or a bastion host (jump box) after allowing SSH access from IAP or a corporate network.

D. Remove external IP addresses from the VM instances running the social media service and place them in a private VPC behind Cloud NAT. Any SSH connection for management
should be restricted to corporate network IP addresses by Google Cloud Armor.

A

A. Correct! Removing the external IP addresses is what prevents inbound connections from the internet; Cloud NAT then provides outbound-only access, so the VMs can still reach the social media APIs outside the VPC. Using IAP TCP forwarding or a bastion host allows management over SSH without the complexity of a VPN for user access. Ingress from the web frontend still needs an appropriately scoped VPC firewall rule.
B. Incorrect. If VMs do not need to be accessed by the outside world, they should not
have external IP addresses.
C. Incorrect. If VMs do not need to be accessed by the outside world, they should not
have external IP addresses, and denying all outbound traffic would prevent
connecting to external social media APIs.
D. Incorrect. Without using IAP or a bastion host, the corporate network would have
no way of connecting to the VMs, because VMs have no external IP addresses.

Summary:
Several options are available for securely communicating with VMs that have no public IP address. Such VMs normally lack a public address because they are deployed to be consumed by other instances in the project or reached privately, for example over Dedicated Interconnect. Even so, instances without an external IP address may still need to reach the internet, for example to fetch updates or patches; in this question, the VMs need to call social media APIs. Cloud NAT provides that outbound-only access, and IAP TCP forwarding or a bastion host provides SSH access for management.

8
Q

Cymbal Direct is experiencing success using Google Cloud and you want to leverage tools to make your solutions more efficient. Erik, one of the original web developers, currently adds new products to your application manually. Erik has many responsibilities and
requires a long lead time to add new
products. You need to create a Cloud
Functions application to let Cymbal Direct employees add new products instead of waiting for Erik. However, you want to make sure that only authorized employees can use the application.

What should you do?

A. Set up Cloud VPN between the corporate network and the Google Cloud project’s VPC network.
Allow users to connect to the Cloud Functions instance.
B. Use Google Cloud Armor to restrict access to the corporate network’s external IP address. Configure firewall rules to allow only HTTP(S) access.
C. Create a Google group and add authorized employees to it. Configure Identity-Aware Proxy (IAP) for the Cloud Functions application as an HTTP resource. Add the group as a principal with the role “Project Owner.”
D. Create a Google group and add authorized employees to it. Configure Identity-Aware Proxy (IAP) for the Cloud Functions application as an HTTP resource.
Add the group as a principal with the role “IAP-secured Web App User.”

A

A. Incorrect. Although this solution restricts access to just the corporate network, it
doesn’t restrict the application to authorized users.
B. Incorrect. Although this solution permits access only from the corporate network’s
public IP address, it doesn’t restrict the application to authorized users. HTTPS is
always recommended, especially when traffic crosses the internet, but it doesn’t
address the real problem.
C. Incorrect. Project Owner gives out much more access than necessary and doesn’t
adhere to the “Principle of Least Privilege.” This solution also doesn’t allow access to
the Cloud Function.
D. Correct! You could grant access to individual accounts instead of a group, but using a
group makes access far more manageable. Identity-Aware Proxy is designed for exactly this
kind of problem, and IAP-secured Web App User is the least-privilege role for reaching an IAP-protected resource.
Where to look:
https://cloud.google.com/iap/docs/App Engine-quickstart
https://cloud.google.com/functions/docs/quickstarts
Summary:
IAP lets you require that users be signed in to Google accounts (groups, service
accounts, and Workspace domains are fine, too). You can authorize users’ access to
individual applications without having to write code.

9
Q

You’ve recently created an internal Cloud Run application for developers in your organization. The application lets developers clone production Cloud SQL databases into a project specifically created to test code and deployments. Your previous process was to export a database to a Cloud Storage bucket, and then import the SQL dump into a legacy on-premises testing environment database with connectivity to Google Cloud via Cloud VPN.
Management wants to incentivize using the new process with Cloud SQL for rapid testing and track how frequently rapid testing occurs. How can you ensure that the developers use the new process?
A. Use an ACL on the Cloud Storage bucket.
Create a read-only group that only has
viewer privileges, and ensure that the
developers are in that group.
B. Leave the ACLs on the Cloud Storage bucket as-is. Disable Cloud VPN, and have developers use Identity-Aware Proxy (IAP) to connect. Create an organization policy to enforce public access protection.
C. Use predefined roles to restrict access to what the developers are allowed to do. Create a group for the developers, and associate the group with the Cloud SQL Viewer role. Remove the “cloudsql.instances.export” ability from the role.
D. Create a custom role to restrict access to what developers are allowed to do. Create a group for the developers, and associate the group with your custom role. Ensure that the custom role does not have “cloudsql.instances.export.”

A

A. Incorrect. This only prevents developers from writing to that bucket. Depending on
their other roles, they may be able to create new buckets to use as a workaround. If
the developers are testing deployments, they probably have this ability.
B. Incorrect. Disabling Cloud VPN may have other effects and could cause problems.
You would use IAP more often for serverless instances, or endpoints, and for ensuring
authentication. The organization policy would prohibit sharing data to accounts
outside your organization.
C. Incorrect. You cannot add or remove abilities to a predefined role. Predefined roles
are managed by Google.
D. Correct! Using a predefined role is inappropriate here because the closest predefined role,
Cloud SQL Viewer, contains the cloudsql.instances.export permission, which would allow the database to be exported. The custom role must omit that permission, and the developers’ group must not also hold another role (such as Editor or Owner) that includes it.
Where to look:
https://cloud.google.com/iam/docs/understanding-custom-roles
Summary:
Custom roles are user-defined and allow bundling one or more supported permissions
to meet your specific needs. Custom roles are not maintained by Google; when new
permissions, features, or services are added to Google Cloud, your custom roles will
not be updated automatically.
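The inheritance rule from question 5 (a child resource cannot take away what a parent grants) and the custom-role check from question 9 can be worked through in code. The following Python model is an added example for this deck, not Google tooling: the resource tree, the bindings and the role permission lists are constructed to mirror the shape of `gcloud projects get-iam-policy` and `gcloud iam roles describe` output, and the permission sets are abbreviated, except that roles/cloudsql.viewer really does carry cloudsql.instances.export. It computes the union of bindings up the hierarchy and asks who can export a Cloud SQL instance in the test project; note that a viewer binding on the folder reaches the project and cannot be removed there, and that the developers’ custom role keeps them out only because they hold no other binding that includes the permission.

```python
"""Model IAM policy inheritance across the resource hierarchy and audit one permission.

Added example for this deck, not Google tooling. Every resource, binding and
role definition below is constructed test data shaped like the output of
`gcloud projects get-iam-policy` and `gcloud iam roles describe`.
"""
from __future__ import annotations

from collections import defaultdict

# Constructed hierarchy: resource -> parent (None marks the organization root).
PARENT: dict[str, str | None] = {
    "organizations/123456789": None,
    "folders/engineering": "organizations/123456789",
    "projects/cymbal-test": "folders/engineering",
    "projects/cymbal-prod": "folders/engineering",
}

# Constructed bindings per resource (the "bindings" array of each IAM policy).
BINDINGS: dict[str, list[dict]] = {
    "organizations/123456789": [
        {"role": "roles/owner", "members": ["group:cloud-admins@cymbal.example"]},
    ],
    "folders/engineering": [
        {"role": "roles/cloudsql.viewer", "members": ["group:pm@cymbal.example"]},
    ],
    "projects/cymbal-test": [
        {"role": "projects/cymbal-test/roles/sqlCloner",
         "members": ["group:devs@cymbal.example"]},
        {"role": "roles/cloudsql.viewer", "members": ["user:erik@cymbal.example"]},
    ],
    "projects/cymbal-prod": [],
}

# Illustrative, abbreviated permission sets. roles/cloudsql.viewer genuinely
# includes cloudsql.instances.export, which is the point of question 9.
ROLE_PERMISSIONS: dict[str, set[str]] = {
    "roles/owner": {"*"},  # basic role: stands in for "every permission"
    "roles/cloudsql.viewer": {
        "cloudsql.instances.get", "cloudsql.instances.list",
        "cloudsql.instances.export", "cloudsql.databases.list",
    },
    # The question-9 custom role: viewer minus export, plus the clone permission.
    "projects/cymbal-test/roles/sqlCloner": {
        "cloudsql.instances.get", "cloudsql.instances.list",
        "cloudsql.databases.list", "cloudsql.instances.clone",
    },
}


def ancestors(resource: str) -> list[str]:
    """The resource itself, then each parent up to the organization."""
    chain: list[str] = []
    node: str | None = resource
    while node is not None:
        if node not in PARENT:
            raise KeyError(f"unknown resource {node}")
        chain.append(node)
        node = PARENT[node]
    return chain


def role_grants(role: str, permission: str) -> bool:
    perms = ROLE_PERMISSIONS.get(role)
    if perms is None:
        raise KeyError(f"no definition for {role}")
    return "*" in perms or permission in perms


def who_can(resource: str, permission: str) -> dict[str, list[tuple[str, str]]]:
    """Principals able to use `permission` on `resource`, each with (role, resource bound on).

    The effective policy is the union of the bindings on the resource and on all of its
    ancestors: a child can add access but never remove what a parent granted.
    """
    result: dict[str, list[tuple[str, str]]] = defaultdict(list)
    for node in ancestors(resource):
        for binding in BINDINGS.get(node, []):
            if role_grants(binding["role"], permission):
                for member in binding["members"]:
                    result[member].append((binding["role"], node))
    return dict(result)


def custom_role_without(base_role: str, excluded: set[str]) -> list[str]:
    """Permission list for a custom role built from a predefined role minus `excluded`."""
    perms = ROLE_PERMISSIONS[base_role]
    if "*" in perms:
        raise ValueError("basic roles are not a usable base for a custom role")
    return sorted(perms - excluded)


if __name__ == "__main__":
    for member, grants in who_can("projects/cymbal-test", "cloudsql.instances.export").items():
        print(f"{member} can export via {grants}")
    print(custom_role_without("roles/cloudsql.viewer", {"cloudsql.instances.export"}))
```

The audit reports the project managers (through the folder binding), Erik (through the project binding) and the cloud admins (through Owner at the organization), and not the developers. Run against real `get-iam-policy` output, the same walk is the check to make before trusting a custom role: it is only as restrictive as the least restrictive binding the group holds anywhere up the tree.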

10
Q

Your client is legally required to comply with the Payment Card Industry Data Security Standard (PCI-DSS). The client has formal audits already, but the audits are only done periodically. The client needs to monitor for common violations
to meet those requirements more easily.
The client does not want to replace audits but wants to engage in continuous compliance and catch violations early.
What would you recommend
that this client do?

A. Enable the Security Command Center (SCC) dashboard, asset discovery, and Security
Health Analytics in the Premium tier. Export or view the PCI-DSS Report from the SCC dashboard’s Compliance tab.

B. Enable the Security Command Center (SCC) dashboard, asset discovery, and Security Health Analytics in the Standard tier. Export or view the PCI-DSS Report from the SCC dashboard’s Compliance tab.

C. Enable the Security Command Center (SCC) dashboard, asset discovery, and Security Health Analytics in the Premium tier. Export or view the PCI-DSS Report from the SCC dashboard’s Vulnerabilities tab.

D. Enable the Security Command Center (SCC) dashboard, asset discovery, and Security Health Analytics in the Standard tier. Export or view the PCI-DSS Report from the SCC dashboard’s Vulnerabilities tab.

A

A. Correct! The reports relating to compliance vulnerabilities are on the Compliance
tab. To use the Security Health Analytics that scan for common compliance
vulnerabilities, you must use the Premium tier.
B. Incorrect. To use the Security Health Analytics that scan for common compliance
vulnerabilities, you must use the Premium tier.
C. Incorrect. The reports relating to compliance vulnerabilities are on the Compliance
tab.
D. Incorrect. The reports relating to compliance vulnerabilities are on the Compliance
tab. To use the Security Health Analytics that scan for common compliance
vulnerabilities, you must use the Premium tier.
Where to look:
https://cloud.google.com/security-command-center/

Summary:
You can use the Security Command Center to detect many well-known vulnerabilities in your applications and instances. The Standard tier is available at no cost, but is more limited in what it can detect. For customers who have compliance requirements to meet, it is worth considering the Premium tier option, but it’s important to realize that it is not a replacement for audits, but is simply a tool to make compliance easier.

11
Q

You are implementing a disaster
recovery plan for the cloud version of
your drone solution. Sending videos to
the pilots is crucial from an operational perspective.

What design pattern should you choose
for this part of your architecture?

A. Hot with a low recovery time objective (RTO)
B. Warm with a high recovery time objective (RTO)
C. Cold with a low recovery time objective (RTO)
D. Hot with a high recovery time objective (RTO)

A

Feedback:
A. Correct! Safety and compliance require your application to have a low RTO, so you need a hot design pattern with minimal downtime.
B. Incorrect. A warm design pattern would consist of a standby system that you would fail over to if something went wrong. The RTO would be higher than with a hot design pattern.
C. Incorrect. By definition, cold design pattern has the highest RTO of the design
patterns. Depending on the backup/snapshot pattern you have, you might be able to
decrease the RPO.
D. Incorrect. The system requires a low RTO, so we ensure that the pilots get the
video they need to navigate the drones where they need to go and avoid obstacles.
Where to look:
https://cloud.google.com/blog/products/storage-data-transfer/designing-and-implementing-your-disaster-recovery-plan-using-gcp
https://cloud.google.com/architecture/dr-scenarios-planning-guide
Summary:
Two key metrics associated with disaster recovery planning include a recovery time objective (RTO) and a recovery point objective (RPO). The RTO is the maximum acceptable length of time that your application can be offline. The RPO describes how much data you will lose while a system is down. When these two metrics are smaller, your application will cost more to run. Google Cloud has features that can help you with DR planning, such as global network design, built-in redundancy, scalability, security, and compliance.
DR patterns can be cold, warm, or hot. These patterns determine how quickly a system can recover if something goes wrong. Cold means your system has no failover or standby strategy. Your system will be down until you manually configure a replacement or the system comes back up. A good example of this is a system that accesses and queries historical data. A warm pattern could be a cold standby, where you implement resources but must configure your application to point to them and possibly start them if something goes wrong with the primary. A hot pattern is an active-active architecture, where you transfer data synchronously to your secondary system and load balance across the systems, so if one goes down, the other one will pick up the slack.

12
Q

The number of requests received by your application is nearing the maximum specified in your design. You want to limit the number of incoming requests until the system can handle the workload.

What design pattern does this situation describe?
A. Applying a circuit breaker
B. Applying exponential backoff
C. Increasing jitter
D. Applying graceful degradation

A

A. Correct! A circuit breaker limits requests based on a threshold that you specify.
B. Incorrect. Exponential backoff increases the amount of time between retry requests. It does not limit them. Applying exponential backoff is a client-side solution; we need a server-side solution to address this situation.
C. Incorrect. Jitter adds randomness to the exponential backoff to better spread the retries received by the system. Increasing jitter is a client-side solution; we need a server-side solution to address this situation.
D. Incorrect. Graceful degradation limits the results provided by the system when
certain thresholds are met. It does not limit, or respond with errors to, new or
additional requests.
Where to look:
https://cloud.google.com/architecture/scalable-and-resilient-apps#patterns_and_practices
https://cloud.google.com/traffic-director/docs/configure-advanced-traffic-management
https://sre.google/sre-book/addressing-cascading-failures/
Summary:
Traffic management lets you reduce traffic to overloaded systems or services. Two techniques that can help you in this situation are circuit breaker patterns and exponential backoffs. These techniques can help avoid cascading failures, where an issue with one service causes other services to fail too.
With circuit breakers, failure thresholds are set to prevent client requests from overloading your backends. When the threshold is met, no new connections or additional requests are allowed. Circuit breaking sends an error when requests are refused. Example settings include:
● Maximum requests per connection
● Maximum number of connections
● Maximum pending requests
● Maximum requests
● Maximum retries
Another issue when systems start being overwhelmed with requests is that the
number of retries increases. Capped exponential backoff means that clients multiply
their backoff by a constant after each attempt, up to some maximum value. Jitter
introduces randomness to the exponential backoff, so spikes occur less frequently
and at a more constant rate.
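The breaker settings listed above and the capped, jittered backoff can be seen working together in the following Python, an added example for this deck (not Google, Envoy or Traffic Director code). The breaker sits on the server side and refuses work once a pending-request cap is hit or after consecutive backend failures, then lets a single trial request through after a cool-down; the client retries refused calls with full-jitter backoff. The thresholds, the fake backends and the injected clock and random source are constructed so the run is deterministic and offline.

```python
"""Circuit breaker (server side) and capped exponential backoff with jitter (client side).
Added example for this deck, not Google/Envoy/Traffic Director code; thresholds, fake
backends and the injected clock/random source are constructed for a deterministic run."""
import random
import time
from dataclasses import dataclass
from typing import Any, Callable, Optional


class CircuitOpenError(RuntimeError):
    """Sent to the client instead of doing work when the breaker sheds load."""


@dataclass
class CircuitBreaker:
    max_pending: int        # cap on in-flight requests ("maximum pending requests")
    failure_threshold: int  # consecutive backend failures that open the circuit
    reset_after: float      # seconds open before one trial request is let through
    clock: Callable[[], float] = time.monotonic
    pending: int = 0
    failures: int = 0
    opened_at: Optional[float] = None

    def state(self) -> str:
        if self.opened_at is None:
            return "closed"
        return "half-open" if self.clock() - self.opened_at >= self.reset_after else "open"

    def call(self, fn: Callable[[], Any]) -> Any:
        """Run fn unless the circuit is open or the pending-request cap is reached."""
        if self.state() == "open":
            raise CircuitOpenError("circuit open: shedding load")
        if self.pending >= self.max_pending:
            raise CircuitOpenError("pending request limit reached")
        self.pending += 1
        try:
            result = fn()
        except CircuitOpenError:
            raise                              # a refusal further down is not a backend failure
        except Exception:
            self.failures += 1
            if self.failures >= self.failure_threshold:
                self.opened_at = self.clock()  # open, or re-open after a failed trial
            raise
        else:
            self.failures, self.opened_at = 0, None   # a success (even half-open) closes it
            return result
        finally:
            self.pending -= 1


def backoff_delay(attempt: int, base: float = 0.1, cap: float = 5.0,
                  rng: Callable[[], float] = random.random) -> float:
    """Capped exponential backoff with full jitter: uniform in [0, min(cap, base*2**attempt)]."""
    return rng() * min(cap, base * 2 ** attempt)


def call_with_retries(fn: Callable[[], Any], attempts: int = 5,
                      sleep: Callable[[float], None] = time.sleep,
                      rng: Callable[[], float] = random.random) -> tuple:
    """Client side: retry refused requests with jittered backoff; returns (result, attempt index)."""
    for attempt in range(attempts):
        try:
            return fn(), attempt
        except CircuitOpenError:
            if attempt == attempts - 1:
                raise
            sleep(backoff_delay(attempt, rng=rng))
    raise AssertionError("unreachable")


def breaker_scenario() -> list:
    """Deterministic walk: closed -> open -> refused -> half-open -> closed, then the pending cap."""
    now = [0.0]
    breaker = CircuitBreaker(max_pending=2, failure_threshold=2, reset_after=10.0,
                             clock=lambda: now[0])
    log: list = []

    def failing_backend() -> str:
        raise IOError("backend timeout")

    for _ in range(2):                  # two consecutive failures trip the breaker
        try:
            breaker.call(failing_backend)
        except IOError:
            log.append(breaker.state())
    try:                                # while open, work is refused without touching the backend
        breaker.call(lambda: "ok")
    except CircuitOpenError:
        log.append("refused")
    now[0] = 10.0                       # cool-down elapsed: one trial request is allowed
    log.append(breaker.state())
    log.append(breaker.call(lambda: "ok"))
    log.append(breaker.state())
    try:                                # three nested calls exceed max_pending=2
        breaker.call(lambda: breaker.call(lambda: breaker.call(lambda: "deep")))
    except CircuitOpenError:
        log.append("pending-limit")
    log.append(f"{breaker.state()} pending={breaker.pending}")
    return log


def retry_scenario() -> tuple:
    """Client retries two refusals; rng fixed at 1.0 so each delay equals its backoff cap."""
    refusals = [2]

    def backend() -> str:
        if refusals[0] > 0:
            refusals[0] -= 1
            raise CircuitOpenError("shed")
        return "ok"

    slept: list = []
    result, used = call_with_retries(backend, sleep=slept.append, rng=lambda: 1.0)
    return result, used, slept
```

The two halves are deliberately separate: the breaker protects the backend and answers immediately with an error, which is the server-side behaviour the question asks for, while the backoff only governs how politely clients come back. Without the jitter, every client that was refused at the same moment would retry at the same moment and reproduce the spike the breaker just absorbed.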

13
Q

You want to establish procedures for testing the resilience of the delivery-by-drone solution.
How would you simulate a scalability issue?
A. Block access to storage assets in one of your zones.
B. Inject a bad health check for one or more of your resources.
C. Load test your application to see how it responds.
D. Block access to all resources in a zone

A

A. Incorrect. Ensuring that your data remains available in an outage is part of
durability.
B. Incorrect. Health checks help address availability needs.
C. Correct! Designing for increased customer demand is one way to ensure
scalability.
D. Incorrect. Responding to outages of zonal resources is a key capability in
addressing availability.
Where to look:
https://cloud.google.com/architecture/scalable-and-resilient-apps
https://cloud.google.com/blog/topics/inside-google-cloud/rethinking-business-resilience-with-google-cloud
https://cloud.google.com/architecture/scalable-and-resilient-apps#test_your_resilience
Summary:
Resilience allows an application to continue functioning when different types of
failures occur. You must design for resilience. Methods to help you build highly
available and resilient apps include having services available in multiple regions and
zones. Your compute resources, whether virtual machines (Compute Engine instance
groups) or microservice container architectures (Google Kubernetes Engine
clusters), can be distributed across zones of a region. From a storage perspective,
regional persistent disks are replicated across zones synchronously. Load balancing
allows for low latency routing of your application traffic. Google’s serverless offerings
often have built-in redundancy.

14
Q

You have implemented a manual CI/CD process for the container services required for the next implementation of the Cymbal Direct’s Drone Delivery project. You want to automate the process.

What should you do?

A. Implement and reference a source repository in your Cloud Build configuration file.
B. Implement a build trigger that applies your build configuration when a new software update is committed to Cloud Source Repositories.
C. Specify the name of your Container Registry in your Cloud Build configuration.
D. Configure and push a manifest file into an environment repository in Cloud Source Repositories.

A

A. Incorrect. You can reference a source repository in your Cloud Build configuration, but the build won’t be automated unless you implement a build trigger.
B. Correct! Configuring a build trigger automates the CI/CD process based on when the software is posted to a repository.
C. Incorrect. The Container Registry specifies where Cloud Build should post the containers it builds.
D. Incorrect. The question asks about automating this process. You would need to configure a build trigger to push the manifest placed in your environment repository to Kubernetes to automate the process.

Summary:
Continuous integration/continuous delivery (CI/CD) pipelines automate the testing and delivery of code by monitoring a controlled software repository. When new software is checked in, the pipeline orchestrator first runs unit tests. If the tests pass, a deployment package is built and saved to a registry, which completes the continuous integration steps. Continuous delivery deploys your images or artifacts to the operational environment you specify, such as App Engine or GKE.
With Google Cloud, you can use Cloud Source Repositories as your version control repository. Unit testing and container artifacts can be produced through Cloud Build and automated through build triggers. Common places to save and manage your finalized images include Container Registry and Artifact Registry; Container Registry has since been deprecated in favour of Artifact Registry, so new pipelines should push to Artifact Registry. Continuous delivery can also be implemented through steps specified in Cloud Build, with build triggers applying build operations when a new manifest is added to a monitored candidate repository.
Cloud Build handles building, testing, and deploying your application logic through a build configuration. This build configuration is executed by cloud builders, which are container images with a common set of tools loaded on them. Provided builders include curl, docker, gcloud CLI, gsutil, git, and gke-deploy. You can also implement your own cloud builder.

15
Q

The pilot subsystem in your Delivery by Drone service is critical to your service.
You want to ensure that connections to the pilots can survive a VM outage without affecting connectivity.

What should you do?
A. Configure proper startup scripts for your VMs.
B. Deploy a load balancer to distribute traffic across multiple machines.
C. Create persistent disk snapshots.
D. Implement a managed instance group and load balancer.

A

Feedback:
A. Incorrect. Startup scripts ensure that your machines are properly configured and ready to run your app. They do not help with outages.
B. Incorrect. Cloud Load Balancing helps distribute traffic across machines in multiple instance groups. It does not heal or scale VMs.
C. Incorrect. Persistent disk snapshots prevent the loss of data in an outage. They do not help with healing or connectivity.
D. Correct! Managed instance groups with a load balancer offer scaling and autohealing that automatically replaces the instances that are not responding.
Summary:
Single points of failure occur when not enough backup resources are allocated. They can be avoided through data replication and by implementing multiple compute instances. It is better to distribute load across many small, distributed units than to have fewer, larger ones. If failures do occur, the backup systems must have enough capacity to handle the extra load.
A correlated failure is when related items fail simultaneously. The impact of correlated failures can be reduced by containerizing your application and implementing microservices that can run on multiple platforms. If it makes sense in your architecture, you can do this across multiple zones or regions.
Cascading failures are closely related to correlated failures. They happen when one component of the system is overwhelmed and stops working. Other parts of the system try to pick up the load; they are also overwhelmed and start failing. The failures flow, or cascade, across the system.
Possible ways to reduce the occurrence of cascading failures include monitoring the deployment of your application and ensuring that it is in the proper state before it accepts requests, and ensuring that it has the proper resources provisioned. Server overload can be minimized by serving degraded results, load shedding, or graceful degradation.

16
Q

Cymbal Direct wants to improve its drone pilot interface. You want to collect feedback on proposed changes from the community of pilots before rolling out updates systemwide. What type of deployment pattern should you implement?
A. You should implement canary testing.
B. You should implement A/B testing.
C. You should implement a blue/green deployment.
D. You should implement an in-place release.

A

A. Incorrect. Canary testing uses a subset of real traffic to test the production performance of a new version.
B. Correct! A/B testing is a pattern that lets you evaluate new proposed functionality.
C. Incorrect. Blue/green does not let you test your new features. It instantiates a new version and then moves traffic to it when its resources are stable.
D. Incorrect. An in-place release will not let you test or evaluate your new features. It will replace the version when it is deployed to the existing resources.
Summary:
Deployment options for new versions of your application include replacing the old version with the new release in place. In this pattern, your new version starts accepting production traffic as soon as it is deployed. Another option is to scale down the current version before you scale up the new one, but this option does incur downtime. In rolling updates, a subset of application instances, instead of all of them, is upgraded at the same time. This method requires no downtime.
In a blue/green deployment pattern (also called red/black), you deploy the new version next to the current one, but only one version is live at a time. The green version is deployed and tested, and then traffic is routed to it when it is stable. The blue version (your original version) can be kept up for possible rollback and eventually be decommissioned or used for a subsequent update. There is no downtime associated with blue/green deployments.
With a canary test, you deploy your new version next to your current one. You specify a subset of your production traffic to be routed to the canary version to evaluate its performance. The benefit of this pattern is that you are testing against production traffic.
A/B testing is closely related to canary testing. As opposed to being version-oriented, A/B testing is implemented to measure the effectiveness of proposed changes. Canary testing is concerned with production performance, while A/B testing is

17
Q

Developers on your team frequently write new versions of the code for one of your applications. You want to automate the build process when updates are pushed to Cloud Source Repositories.

What should you do?
A. Implement a Cloud Build configuration file with build steps.
B. Implement a build trigger that references your repository and branch.
C. Set proper permissions for Cloud Build to access deployment resources.
D. Upload application updates and Cloud Build configuration files to Cloud Source Repositories.

A

A. Incorrect. Cloud Build configuration files specify the arguments for the containerized build requirements for your application. They do not automate the process.
B. Correct! Cloud Build triggers automate the build process when new files are placed into the name and branch of the repository that you specify.
C. Incorrect. Permissions provide Cloud Build with the required access to deployment resources. Having the correct permissions does not automate the process.
D. Incorrect. Unless you have implemented a build trigger, uploading new files will not automatically start the build process.
Summary:
Cloud Source Repositories are private Git repositories hosted on Google Cloud. You first create a repository with the create command. You can then clone it to your local environment and add or modify code in that local directory. When you are done coding, add the files you worked on to a new commit. You then push the local changes to your remote Cloud Source Repository. (Cloud Source Repositories has not been available to new customers since June 2024; the same trigger model applies to GitHub, GitLab, and Bitbucket repositories connected to Cloud Build.)
When the app is ready for deployment, you can run the appropriate gcloud CLI command from your development environment. If you want to automate this process, ensure that your Cloud Build service account has the proper permissions to deploy to the service of your choice and provide Cloud Build configuration info in a YAML file.
Cloud Build consists of simple containers that run commands in their build environment without your having to configure and manage hardware. When your build configuration is documented, you can save it in your repository as well.
Cloud Build triggers monitor your Cloud Source Repositories for new push events. Your trigger requires the name of the repository and the branch you want to create the event from. You then specify the Cloud Build configuration you want to reference for that event. Now when you update your app and push it to your repository, the push fires the trigger and automatically starts the build operation.

18
Q

You are asked to implement a lift and shift operation for Cymbal Direct’s Social Media Highlighting service. You compose a Terraform configuration file to build all the necessary Google Cloud resources.

What is the next step in the Terraform
workflow for this effort?
A. Commit the configuration file to your software repository.
B. Run terraform plan to verify the contents of the Terraform configuration file.
C. Run terraform apply to deploy the resources described in the configuration file.
D. Run terraform init to download the necessary provider module.
A

A. Incorrect. You should run init and plan in your Terraform workflow before you commit the validated configuration file to your software repository.
B. Incorrect. You should run the init command before you run the plan command.
C. Incorrect. You should run init to initialize your providers and test your configuration with a plan before you run apply to allocate or change your resources.
D. Correct! Running init in the directory containing your Terraform configuration file ensures that the correct plugins are loaded for the providers and resources requested.
Summary:
Automation tools like Terraform let you implement and manage infrastructure as code. Treating your Google Cloud resources as software lets you deploy, update, and destroy a stack of resources in a repeatable way. Terraform offers a declarative model for deploying and managing resources. Imperative methods specify exactly how you want a resource configured: you issue each command yourself on the command line. Declarative methods let you specify what you want deployed and aren't as concerned with lower-level details; describing an entire stack of resources in a configuration file and applying it once is declarative.
A Terraform workflow starts with authoring your Terraform configuration file. A Terraform provider specifies the cloud environment used; the providers for Google Cloud are "google" and "google-beta". Resource entries in the configuration file specify what resources you want deployed and let you provide arguments that define their operating characteristics. After you write your configuration file, run terraform init in the directory that contains it. This downloads the provider plugins required by your configuration. To verify that there are no mistakes in the configuration and to see what would change, run terraform plan. You can make any needed changes before deploying your infrastructure. Finally, run terraform apply to deploy your infrastructure.
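The init, plan, apply workflow above driven from a script, as an added example that is not part of the deck or of Terraform itself. It adds the checks a practitioner puts around the workflow: the plan is saved to a file and that exact file is applied, the saved plan is read back as JSON with terraform show -json, and the apply is refused when the plan would destroy anything unless that is explicitly allowed. The main.tf content, the project, bucket and state-bucket names are assumed placeholders, and SAMPLE_PLAN is a constructed, abridged plan so the check can run without Terraform installed.

```python
"""Terraform workflow driver: init -> validate -> plan to a file -> inspect the
saved plan -> apply that exact plan. Added example; names below are assumed."""
import json
import subprocess
from pathlib import Path

# Assumed configuration for the lift-and-shift: pinned provider, remote state
# in a versioned GCS bucket, one bucket resource with IAM-only access.
EXAMPLE_MAIN_TF = """\
terraform {
  required_version = ">= 1.5"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"   # pin so init/plan/apply are reproducible
    }
  }
  backend "gcs" {
    bucket = "cymbal-tf-state"            # assumed, versioning enabled
    prefix = "social-media-highlighting"
  }
}

provider "google" {
  project = "cymbal-social"               # assumed project ID
  region  = "us-central1"
}

resource "google_storage_bucket" "media" {
  name                        = "cymbal-social-media-highlights"  # assumed
  location                    = "US"
  uniform_bucket_level_access = true      # IAM only, no legacy object ACLs
}
"""


def write_config(workdir: Path) -> Path:
    """Write the assumed main.tf into the working directory."""
    workdir.mkdir(parents=True, exist_ok=True)
    path = workdir / "main.tf"
    path.write_text(EXAMPLE_MAIN_TF)
    return path


def run_tf(args, workdir: Path) -> str:
    """Run one terraform command non-interactively; return its stdout."""
    proc = subprocess.run(["terraform", *args], cwd=workdir, check=True,
                          capture_output=True, text=True)
    return proc.stdout


def summarize_plan(plan: dict) -> dict:
    """Summarize `terraform show -json tfplan` output: a count per action and the
    addresses that would be destroyed (a replacement shows as delete + create)."""
    counts, destructive = {}, []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        for action in actions:
            counts[action] = counts.get(action, 0) + 1
        if "delete" in actions:
            destructive.append(rc["address"])
    return {"counts": counts, "destructive": destructive}


def plan_guard(summary: dict, allow_destroy: bool = False) -> bool:
    """True when the plan may be applied unattended."""
    return allow_destroy or not summary["destructive"]


def terraform_workflow(workdir: Path, allow_destroy=False, apply=False) -> dict:
    run_tf(["init", "-input=false"], workdir)       # download provider plugins
    run_tf(["validate"], workdir)                    # syntax and schema check
    run_tf(["plan", "-input=false", "-out=tfplan"], workdir)
    summary = summarize_plan(json.loads(run_tf(["show", "-json", "tfplan"], workdir)))
    if not plan_guard(summary, allow_destroy):
        raise RuntimeError(f"plan would destroy {summary['destructive']}; refusing to apply")
    if apply:
        # Apply the saved file: a bare `terraform apply` re-plans and could pick
        # up changes made after the plan was reviewed.
        run_tf(["apply", "-input=false", "tfplan"], workdir)
    return summary


# Constructed, abridged `terraform show -json` output so the check runs offline.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": "google_storage_bucket.media", "change": {"actions": ["create"]}},
        {"address": "google_compute_instance.web[0]", "change": {"actions": ["update"]}},
        {"address": "google_compute_instance.web[1]", "change": {"actions": ["delete", "create"]}},
        {"address": "google_compute_instance.web[2]", "change": {"actions": ["create"]}},
        {"address": "google_project_iam_member.viewer", "change": {"actions": ["no-op"]}},
    ],
}

if __name__ == "__main__":
    print(summarize_plan(SAMPLE_PLAN), plan_guard(summarize_plan(SAMPLE_PLAN)))
```

With Terraform installed, `terraform_workflow(Path("infra"), apply=True)` after `write_config(Path("infra"))` runs the four commands in order; in a CI job keep `allow_destroy=False` so that a replacement of a VM or a bucket needs a human to re-run with the flag set.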

19
Q

Your development team used Cloud Source Repositories, Cloud Build, and Artifact Registry to successfully implement the build portion of an application’s CI/CD process.
However, the deployment process is erroring out. Initial troubleshooting shows that the runtime environment does not have access to the build images. You need to advise the team on how to resolve the issue.
What could cause this problem?
A. The runtime environment does not have permissions to the Artifact Registry in your current project.
B. The runtime environment does not have permissions to Cloud Source Repositories in your current project.
C. The Artifact Registry might be in a different project.
D. You need to specify the Artifact Registry image by name.

A

A. Incorrect. Runtime environments have read access permissions to Artifact Registry in the same project.
B. Incorrect. Runtime environments do not need access to Cloud Source Repositories as part of the deployment process.
C. Correct! Permissions must be configured to give the runtime service account permissions to the Artifact Registry in another project.
D. Incorrect. In Artifact Registry, you need to identify images by tag or digest.
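The pieces that cards 14, 17 and 19 describe, wired together in one script as an added example (not code from the deck): a Cloud Build configuration that builds, pushes and deploys the image, the gcloud command that creates the trigger for pushes to a branch, and the IAM binding that lets a runtime in another project pull from the Artifact Registry repository. A small review function checks the configuration before it is handed to a trigger. All project, repository, cluster and service-account names are assumed; nothing is executed unless --apply is passed.

```python
"""Automate the build described in cards 14 and 17 and give the runtime
environment pull access as in card 19. Added example, not code from the
deck; all project, repository and service-account names are assumed."""
import json
import subprocess
import sys
from pathlib import Path

BUILD_PROJECT = "cymbal-build"       # assumed: owns Cloud Build and Artifact Registry
RUNTIME_PROJECT = "cymbal-runtime"   # assumed: owns the GKE cluster
LOCATION = "us-central1"
SOURCE_REPO = "drone-delivery"       # assumed Cloud Source Repositories name
AR_REPO = "containers"               # assumed Artifact Registry repository
IMAGE = f"{LOCATION}-docker.pkg.dev/{BUILD_PROJECT}/{AR_REPO}/drone-api"
CLUSTER = "drone-cluster"
# Assumed GKE node service account (image pulls run as the node SA); for
# Cloud Run it would be the service's runtime service account instead.
RUNTIME_SA = f"gke-nodes@{RUNTIME_PROJECT}.iam.gserviceaccount.com"


def build_config(image: str, cluster: str, location: str) -> dict:
    """Cloud Build config in its JSON form (cloudbuild.json is accepted like
    cloudbuild.yaml). The image is tagged with $COMMIT_SHA so what runs in
    GKE is traceable to one commit rather than to a floating tag."""
    tagged = f"{image}:$COMMIT_SHA"
    return {
        "steps": [
            {"name": "gcr.io/cloud-builders/docker", "args": ["build", "-t", tagged, "."]},
            # gke-deploy needs the image in the registry before it runs, hence the push step
            {"name": "gcr.io/cloud-builders/docker", "args": ["push", tagged]},
            {"name": "gcr.io/cloud-builders/gke-deploy",
             "args": ["run", "--filename=k8s/", f"--image={tagged}",
                      f"--cluster={cluster}", f"--location={location}"]},
        ],
        # Listing the image here records its digest in the build results.
        "images": [tagged],
    }


def check_config(config: dict) -> dict:
    """Review the config before wiring it to a trigger. Errors block automation;
    warnings are things to tighten (builders not pinned by digest)."""
    errors, warnings = [], []
    for i, step in enumerate(config.get("steps", [])):
        name = step.get("name", "")
        if not name:
            errors.append(f"step {i}: no builder image")
            continue
        if name.endswith(":latest"):
            errors.append(f"step {i}: builder {name} uses :latest")
        elif "@sha256:" not in name:
            warnings.append(f"step {i}: builder {name} is not pinned by digest")
        for arg in step.get("args", []):
            if ":latest" in arg:
                errors.append(f"step {i}: argument {arg!r} references :latest")
    for img in config.get("images", []):
        if "$COMMIT_SHA" not in img and "$SHORT_SHA" not in img:
            errors.append(f"image {img} is not tagged with the commit SHA")
    return {"errors": errors, "warnings": warnings}


def trigger_command(project: str, repo: str, branch_regex: str, config_file: str) -> list:
    """gcloud command that creates the trigger: every push matching the branch
    regex runs the build config taken from the repository."""
    return ["gcloud", "builds", "triggers", "create", "cloud-source-repositories",
            f"--project={project}", f"--name={repo}-main", f"--repo={repo}",
            f"--branch-pattern={branch_regex}", f"--build-config={config_file}"]


def pull_access_command(registry_project: str, location: str, ar_repo: str, runtime_sa: str) -> list:
    """Card 19's fix: the runtime's service account needs reader on the repository
    in the registry project (same-project runtimes get this by default)."""
    return ["gcloud", "artifacts", "repositories", "add-iam-policy-binding", ar_repo,
            f"--project={registry_project}", f"--location={location}",
            f"--member=serviceAccount:{runtime_sa}",
            "--role=roles/artifactregistry.reader"]


def main(apply: bool) -> None:
    config = build_config(IMAGE, CLUSTER, LOCATION)
    review = check_config(config)
    for warning in review["warnings"]:
        print("warning:", warning)
    if review["errors"]:
        sys.exit("refusing to automate: " + "; ".join(review["errors"]))
    Path("cloudbuild.json").write_text(json.dumps(config, indent=2))
    for cmd in (trigger_command(BUILD_PROJECT, SOURCE_REPO, "^main$", "cloudbuild.json"),
                pull_access_command(BUILD_PROJECT, LOCATION, AR_REPO, RUNTIME_SA)):
        print(" ".join(cmd))
        if apply:
            subprocess.run(cmd, check=True)


if __name__ == "__main__":
    main(apply="--apply" in sys.argv)
```

Run without arguments to write cloudbuild.json and print the two gcloud commands for review; commit the file next to the code so the trigger picks it up from the branch. The warnings are deliberate: the Google-provided builders are referenced by name here, and a tightened pipeline would pin each to a digest once the team has chosen one.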

20
Q

Cymbal Direct is working on a social media integration service in Google Cloud. Mahesh is a non-technical manager who wants to ensure that the project doesn't exceed the budget and responds quickly to unexpected cost increases. You need to set up access and billing for the project.
What should you do?
A. Assign the predefined Billing Account Administrator role to Mahesh. Create a project budget. Configure billing alerts to be sent to the Billing Administrator. Use resource quotas to cap how many resources can be deployed.
B. Assign the predefined Billing Account Administrator role to Mahesh. Create a project budget. Configure billing alerts to be sent to the Project Owner. Use resource quotas to cap how much money can be spent.
C. Use the predefined Billing Account Administrator role for the Billing Administrator group, and assign Mahesh to the group. Create a project budget. Configure billing alerts to be sent to the Billing Administrator. Use resource quotas to cap how many resources can be deployed.
D. Use the predefined Billing Account Administrator role for the Billing Administrator group, and assign Mahesh to the group. Create a project budget. Configure billing alerts to be sent to the Billing Account Administrator. Use resource quotas to cap how much money can be spent.

A

A. Incorrect. Use groups with Identity and Access Management (IAM) to simplify management. Quotas are based on the number of resources, such as instances or CPU, not budget.
B. Incorrect. Use groups with IAM to simplify management. Billing alerts should be sent to the Billing Administrator.
C. Correct! Use groups with IAM to simplify management. Billing alerts should be sent to the Billing Administrator. Quotas are based on the number of resources, such as instances or CPU, not budget.
D. Incorrect. Quotas are based on the number of resources, such as instances or CPU, not budget.
Summary:
Budgets are useful for visibility into the amount of money spent and can even alert you when the budget is exceeded. You can use labels to organize your resources and define the limits you alert on. Budgets don't enforce your spending. Enforcing spending limits is your responsibility, and for good reason: your spend could be high because your site or app is extremely successful. Cloud computing is a shared responsibility model. Google's responsibility is to ensure visibility into your spending, but you decide how much you spend.

21
Q

Your organization is planning a disaster recovery (DR) strategy. Your stakeholders require a recovery time objective (RTO) of 0 and a recovery point objective (RPO) of 0 for a zone outage. They require an RTO of 4 hours and an RPO of 1 hour for a regional outage. Your application consists of a web application and a backend MySQL database. You need the most efficient solution to meet your recovery KPIs.
What should you do?
A. Use a global HTTP(S) load balancer. Deploy the web application as Compute Engine managed instance groups (MIG) in two regions, us-west and us-east. Configure the load balancer to use both backends. Use Cloud SQL with high availability (HA) enabled in us-east and a cross-region replica in us-west.
B. Use a global HTTP(S) load balancer. Deploy the web application as Compute Engine managed instance groups (MIG) in two regions, us-west and us-east. Configure the load balancer to the us-east backend. Use Cloud SQL with high availability (HA) enabled in us-east and a cross-region replica in us-west. Manually promote the us-west Cloud SQL instance and change the load balancer backend to us-west.
C. Use a global HTTP(S) load balancer. Deploy the web application as Compute Engine managed instance groups (MIG) in two regions, us-west and us-east. Configure the load balancer to use both backends. Use Cloud SQL with high availability (HA) enabled in us-east and back up the database every hour to a multi-region Cloud Storage bucket. Restore the data to a Cloud SQL database in us-west if there is a failure.
D. Use a global HTTP(S) load balancer. Deploy the web application as Compute Engine managed instance groups (MIG) in two regions, us-west and us-east. Configure the load balancer to use both backends. Use Cloud SQL with high availability (HA) enabled in us-east and back up the database every hour to a multi-region Cloud Storage bucket. Restore the data to a Cloud SQL database in us-west if there is a failure and change the load balancer backend to us-west.

A

A. Incorrect. This solution would send traffic to both regions, even though the Cloud SQL replica is read-only. Although sending traffic to both regions is not impossible, additional changes to the application architecture would be required, which would create additional complexity.
B. Correct! This solution ensures you meet RTO and RPO for both a zonal and a regional outage. By adding the additional steps to manually change the load balancer and promote the Cloud SQL replica, you ensure the us-west region only accepts traffic after the database is ready to receive it.
C. Incorrect. This solution would send traffic to both regions, even though the Cloud SQL database either has not been created or contains old data. Your RPO is 1 hour for a regional disaster, and although you back up the database to Cloud Storage every hour, the backup itself takes time. Additionally, backing up the database could be disruptive and require locking of the tables, which would prevent writes.
D. Incorrect. Your RPO is 1 hour for a regional disaster, and although you back up the database to Cloud Storage every hour, the backup itself takes time. Additionally, backing up the database could be disruptive and require locking of the tables, which would prevent writes.

Summary:
Establishing KPIs for RTO and RPO for an application is easier with Google Cloud compared to a more traditional environment, where you are responsible for all the layers of infrastructure. You can simplify a DR plan by thinking about the availability and durability of different services if a zonal or regional outage occurs. This example uses a traditional architecture with managed instance groups, but the same approach can be used for an implementation using GKE or serverless options. If you change the application slightly and use Spanner as the database backend, this solution could be even more reliable. This would give you a fully managed, multi-regional database backend with 99.999% uptime.

22
Q

Question: How are Access Control Lists (ACLs) used to manage access to files in a Cloud Storage bucket?

A

Working with ACLs (01:50-04:02)

Answer: A file is downloaded and uploaded to the bucket, and then ACLs are used to set its permissions first to private and then to publicly readable.
Content: This section demonstrates how to download files, upload them to a bucket, and then configure and modify the ACLs. Note that object ACLs are the legacy access model: granting allUsers read on an object makes it readable by anyone on the internet, and a bucket with uniform bucket-level access enabled has ACLs disabled entirely so that IAM alone governs access, which is Google's recommended configuration.

23
Q

Your client has adopted a multi-cloud strategy that uses a virtual machine-based infrastructure. The client's website serves users across the globe. The client needs a single dashboard view to monitor performance in their AWS and Google Cloud environments. Your client previously experienced an extended outage and wants to establish a monthly service level objective (SLO) of no outage longer than an hour.
What should you do?
A. In Cloud Monitoring, create an uptime check for the URL your clients will access. Configure it to check from multiple regions. Use the Cloud Monitoring dashboard to view the uptime metrics over time and ensure that the SLO is met. Recommend an SLO of 97% uptime per month.
B. In Cloud Monitoring, create an uptime check for the URL your clients will access. Configure it to check from multiple regions. Use the Cloud Monitoring dashboard to view the uptime metrics over time and ensure that the SLO is met. Recommend an SLO of 97% uptime per day.
C. Authorize access to your Google Cloud project from AWS with a service account. Install the monitoring agent on AWS EC2 (virtual machines) and Compute Engine instances. Use Cloud Monitoring to create dashboards that use the performance metrics from virtual machines to ensure that the SLO is met.
D. Create a new project to use as an AWS connector project. Authorize access to the project from AWS with a service account. Install the monitoring agent on AWS EC2 (virtual machines) and Compute Engine instances. Use Cloud Monitoring to create dashboards that use the performance metrics from virtual machines to ensure that the SLO is met.

A

A. Incorrect. An SLO of no more than 3% downtime over the course of a month would allow about 21.6 hours of downtime in a 30-day month, so a single outage of several hours would not breach it.
B. Correct! An SLO of no more than 3% downtime over the course of a day allows about 43 minutes (3% of 24 hours is 43.2 minutes), so any single outage longer than that exceeds it, which is what the client wants to catch.
C. Incorrect. Having visibility into both AWS and Google Cloud is an advantage of Google Cloud Observability. An SLO should be evaluated from the user’s perspective (uptime), not the internals of your environment.
D. Incorrect. Having visibility into both AWS and Google Cloud is an advantage of Google Cloud Observability. An SLO should be evaluated from the user’s perspective (uptime), not the internals of your environment.
Where to look:
https://cloud.google.com/architecture/adopting-slos

Summary:
Google Cloud Observability is a powerful tool for creating dashboards, metrics, health checks, reports, alerts, and more. You can use Google Cloud Observability for visibility into both AWS and Google Cloud. Instead of trying to map all the metrics to SLOs, adopt your user's perspective to define an SLO.

24
Q

Cymbal Direct uses a proprietary service to manage on-call rotation and alerting. The on-call rotation service has an API for integration. Cymbal Direct wants to monitor its environment for service availability and ensure that the correct person is notified.
What should you do?
A. Ensure that VPC firewall rules allow access from the IP addresses used by Google Cloud's uptime-check servers. Create a Pub/Sub topic for alerting as a monitoring notification channel in Google Cloud Observability. Create an uptime check for the appropriate resource's internal IP address, with an alerting policy set to use the Pub/Sub topic. Create a Cloud Function that subscribes to the Pub/Sub topic to send the alert to the on-call API.
B. Ensure that VPC firewall rules allow access from the IP addresses used by Google Cloud's uptime-check servers. Create a Pub/Sub topic for alerting as a monitoring notification channel in Google Cloud Observability. Create an uptime check for the appropriate resource's external IP address, with an alerting policy set to use the Pub/Sub topic. Create a Cloud Function that subscribes to the Pub/Sub topic to send the alert to the on-call API.
C. Ensure that VPC firewall rules allow access from the on-call API. Create a Cloud Function to send the alert to the on-call API. Add Cloud Functions as a monitoring notification channel in Google Cloud Observability. Create an uptime check for the appropriate resource's external IP address, with an alerting policy set to use the Cloud Function.
D. Ensure that VPC firewall rules allow access from the IP addresses used by Google Cloud's uptime-check servers. Add the URL for the on-call rotation API as a monitoring notification channel in Google Cloud Observability. Create an uptime check for the appropriate resource's internal IP address, with an alerting policy set to use the API.

A

A. Incorrect. An external uptime check is what is required.
B. Correct! Using Pub/Sub as a notification channel gives you flexibility to adapt how notifications are sent.
C. Incorrect. The IP addresses that Google uses to connect need to be allowed in the firewall, not the on-call API. A Cloud Function can subscribe to a Pub/Sub topic to send alerts, but can't be used as a notification channel directly.
D. Incorrect. You cannot send notifications directly to an API. You need to translate the alert programmatically so that the API can receive the notification.

Summary:
Using Pub/Sub is only one example of how to integrate a third-party tool to handle sending notifications to the person on-call. You can use Cloud Functions, App Engine, or scripts on a server, or the service used to manage on-call might be able to subscribe to the Pub/Sub topic directly. Pub/Sub is a good option for a notification channel if a standard one, like email, isn’t suitable. Uptime checks are from a user’s perspective, and only check external IP addresses. Uptime checks are only one of many metrics you could use.
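The Cloud Function from the correct answer, as an added example that is not code from the deck or from Google: it receives a Cloud Monitoring alert delivered on the Pub/Sub notification channel, maps it onto an on-call request, and posts it. The on-call API URL, its request body and its bearer token are assumed stand-ins for Cymbal Direct's proprietary service, and SAMPLE_NOTIFICATION is a constructed message in the shape Monitoring publishes to a Pub/Sub channel, reduced to the fields the function uses.

```python
"""Cloud Function (1st-gen Python runtime, Pub/Sub trigger) that forwards a
Cloud Monitoring alert to an on-call rotation API. Added example; the on-call
API URL, body and token are assumed stand-ins for a proprietary service."""
import base64
import json
import os
import urllib.request

# Assumed endpoint; a real deployment sets it as an environment variable.
ONCALL_API_URL = os.environ.get("ONCALL_API_URL", "https://oncall.example.invalid/v1/events")


def decode_pubsub_event(event: dict) -> dict:
    """A Pub/Sub-triggered 1st-gen function receives the message as a dict whose
    'data' field is the base64-encoded message body, here the alert JSON."""
    return json.loads(base64.b64decode(event["data"]).decode("utf-8"))


def to_oncall_event(notification: dict) -> dict:
    """Map Monitoring's notification (alert details live under 'incident') onto
    the assumed on-call schema. The incident_id doubles as the dedup key so the
    'closed' notification resolves the page that the 'open' one raised."""
    inc = notification["incident"]
    state = inc.get("state", "open")
    summary = inc.get("summary") or f"{inc.get('policy_name')} on {inc.get('resource_name')}"
    return {
        "dedup_key": inc["incident_id"],
        "action": "resolve" if state == "closed" else "trigger",
        "summary": summary,
        "started_at": inc.get("started_at"),
        "details_url": inc.get("url"),
    }


def post_to_oncall(payload: dict) -> int:
    """Deliver to the on-call API. The token comes from the environment; inject it
    from Secret Manager at deploy time rather than hard-coding it in source."""
    token = os.environ["ONCALL_API_TOKEN"]
    req = urllib.request.Request(
        ONCALL_API_URL, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def handle_alert(event, context, post=post_to_oncall):
    """Function entry point. 'post' is injectable so the mapping can be exercised
    offline; in production the default sends the real request."""
    payload = to_oncall_event(decode_pubsub_event(event))
    post(payload)
    return payload


# Constructed sample in the shape Monitoring publishes to a Pub/Sub channel,
# reduced to the fields used above.
SAMPLE_NOTIFICATION = {
    "version": "1.2",
    "incident": {
        "incident_id": "0.abc123",
        "policy_name": "drone-pilot-api uptime",
        "condition_name": "Uptime check failed",
        "resource_name": "pilot-api-lb",
        "state": "open",
        "started_at": 1700000000,
        "summary": "Uptime check for pilot-api-lb is failing from 3 regions",
        "url": "https://console.cloud.google.com/monitoring/alerting/incidents/0.abc123",
    },
}


def sample_event(state: str = "open") -> dict:
    """Wrap the sample as the function would receive it from Pub/Sub."""
    note = json.loads(json.dumps(SAMPLE_NOTIFICATION))
    note["incident"]["state"] = state
    return {"data": base64.b64encode(json.dumps(note).encode("utf-8")).decode("ascii")}


if __name__ == "__main__":
    print(handle_alert(sample_event(), None, post=lambda p: print("would POST", p)))
```

Deploy with `gcloud functions deploy handle_alert --runtime=python311 --trigger-topic=alerts --entry-point=handle_alert`, passing the token with `--set-secrets=ONCALL_API_TOKEN=oncall-token:latest` rather than `--set-env-vars`. Two checks before trusting it: the Pub/Sub notification channel only delivers once the Monitoring notification service agent (service-PROJECT_NUMBER@gcp-sa-monitoring-notification.iam.gserviceaccount.com) holds roles/pubsub.publisher on the topic, and the function's own service account should hold nothing beyond what it needs to read that secret.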

25
Q

Cymbal Direct releases new versions of its drone delivery software every 1.5 to 2 months. Although most releases are successful, you have experienced three problematic releases that made drone delivery unavailable while software developers rolled back the release. You want to increase the reliability of software releases and prevent similar problems in the future.
What should you do?

A. Adopt a "waterfall" development process. Maintain the current release schedule. Ensure that documentation explains how all the features interact. Ensure that the entire application is tested in a staging environment before the release. Ensure that the process to roll back the release is documented. Use Cloud Monitoring, Cloud Logging, and Cloud Alerting to ensure visibility.
B. Adopt a "waterfall" development process. Maintain the current release schedule. Ensure that documentation explains how all the features interact. Automate testing of the application. Ensure that the process to roll back the release is well documented. Use Cloud Monitoring, Cloud Logging, and Cloud Alerting to ensure visibility.
C. Adopt an "agile" development process. Maintain the current release schedule. Automate build processes from a source repository. Automate testing after the build process. Use Cloud Monitoring, Cloud Logging, and Cloud Alerting to ensure visibility. Deploy the previous version if problems are detected and you need to roll back.
D. Adopt an "agile" development process. Reduce the time between releases as much as possible. Automate the build process from a source repository, which includes versioning and self-testing. Use Cloud Monitoring, Cloud Logging, and Cloud Alerting to ensure visibility. Use a canary deployment to detect issues that could cause rollback.

A

A. Incorrect. A waterfall process means that you are generally targeting large full releases. This approach was appropriate for boxed software that incurred significant costs in terms of time, manufacturing resources, infrastructure, and expense for a release. Larger releases are more complex and more likely to break, and they are difficult to troubleshoot because many changes are made at the same time. Smaller, frequent releases with an automated build process that includes integrated testing with Test Driven Development (TDD) are less likely to require rollbacks, and rollbacks are simpler.
B. Incorrect. A waterfall process means that you are generally targeting large full releases. This approach was appropriate for boxed software that incurred significant costs in terms of time, manufacturing resources, infrastructure, and expense for a release. Larger releases are more complex and more likely to break, and they are difficult to troubleshoot because many changes are made at the same time. Smaller, frequent releases with an automated build process that includes integrated testing with Test Driven Development (TDD) are less likely to require rollbacks, and rollbacks are simpler.
C. Incorrect. An agile development process should generally reduce the time between releases as much as possible. Testing should be integrated into the build. Using a canary deployment can let you detect issues before you deploy a new version at scale.
D. Correct! A modern CI/CD pipeline lets you release smaller changes more frequently and includes integrated testing. Using a canary deployment can let you detect issues before you deploy your new version at scale.
Summary:
Modern software development has improved significantly over the last decade. Using continuous integration/continuous deployment (CI/CD) pipelines has become standard practice.
Keep your source code in a source code repository such as Cloud Source Repositories, and drive builds and deployments with a tool such as Cloud Build, Jenkins, or Spinnaker. Use test-driven development to integrate testing into your pipeline. Benefit from the features in GKE, which you can use to easily release new versions with a canary or blue/green deployment. Leverage these capabilities to deploy to production often, and if something breaks, address it immediately by aborting the release or rolling it back.

26
Q

Cymbal Direct's warehouse and inventory system was written in Java. The system uses a microservices architecture in GKE and is instrumented with Zipkin. Seemingly at random, a request will be 5-10 times slower than others. The development team tried to reproduce the problem in testing, but failed to determine the cause of the issue.
What should you do?

A. Create metrics in Cloud Monitoring for your microservices to test whether they are intermittently unavailable or slow to respond to HTTPS requests. Use Cloud Profiler to determine which functions/methods in your application’s code use the most system resources. Use Cloud Trace to identify slow requests and determine which microservices/calls take the most time to respond.
B. Create metrics in Cloud Monitoring for your microservices to test whether they are intermittently unavailable or slow to respond to HTTPS requests. Use Cloud Trace to determine which functions/methods in your application’s code use the most system resources. Use Cloud Profiler to identify slow requests and determine which microservices/calls take the most time to respond.
C. Use Error Reporting to test whether your microservices are intermittently unavailable or slow to respond to HTTPS requests. Use Cloud Profiler to determine which functions/methods in your application’s code use the most system resources. Use Cloud Trace to identify slow requests and determine which microservices/calls take the most time to respond.
D. Use Error Reporting to test whether your microservices are intermittently unavailable or slow to respond to HTTPS requests. Use Cloud Trace to determine which functions/methods in your application's code use the most system resources. Use Cloud Profiler to identify slow requests and determine which microservices/calls take the most time to respond.

A

Feedback:
A. Correct! Capturing metrics about the health of your microservices could identify an issue. Cloud Profiler can help find the functions or methods in your code that use unusual amounts of CPU, memory, or other system resources. This might indicate where to look for performance problems. Cloud Trace identifies which requests have the highest latency and narrows the scope to the microservices that cause the problem.
B. Incorrect. Cloud Profiler can help find functions or methods in your code that use unusual amounts of CPU, memory, or other system resources. Cloud Trace identifies which requests have the highest latency and narrows the scope to the microservices that cause the problem.
C. Incorrect. Error Reporting captures application errors/exceptions in your code and lets you view the errors in a central place.
D. Incorrect. Error Reporting captures application errors/exceptions in your code and lets you view the errors in a central place. Cloud Profiler can help find functions or methods in your code that use unusual amounts of CPU, memory, or other system resources. Cloud Trace identifies which requests have the highest latency and narrows the scope to the microservices that cause the problem.
Where to look:
https://cloud.google.com/trace/docs/
Content mapping:
● Architecting with Google Compute Engine (ILT)
○ M7 Resource Monitoring
● Essential Google Cloud Infrastructure: Core Services (On-demand)
○ M4 Resource Monitoring
Summary:
Google Cloud’s operations suite provides tools that can help you discover and
diagnose issues in your environment. Microservices add an extra level of complexity
during troubleshooting because you need to account for the communication between
the microservices. Pinpointing the root of an issue can be difficult, especially if it is
intermittent. Using the integrated tools in the operations suite lets you seamlessly
switch between tools to find your issue. Cloud Trace can be especially useful when
you determine which microservice causes a bottleneck. However, you need to use the
Cloud Tracing Agent, OpenTelemetry (previously OpenCensus), or Zipkin to ensure
that instrumentation is enabled.

27
Q

Cymbal Direct has a new social media integration service that pulls images of its products from social media sites and displays them in a gallery of customer images on your online store. You receive an alert from Cloud Monitoring at 3:34 AM on Saturday. The store is still online, but the gallery does not appear. The CPU utilization is 30% higher than expected on the VMs running the service, which causes the managed instance group (MIG) to scale to the maximum number of instances.
You verify that the issue is real by checking the site and by checking the incidents timeline.
What should you do to resolve the issue?
A. Increase the maximum number of instances in the MIG and verify that this resolves the issue. Ensure that the ticket is annotated with your solution. Create a normal work ticket for the application developer with a link to the incident. Mark the incident as closed.
B. Check the incident documentation or labels to determine the on-call contact. Appoint an incident commander, and open a chat channel, or conference call for emergency response. Investigate and resolve the issue by increasing the maximum number of instances in the MIG, and verify that this resolves the issue. Mark the incident as closed.
C. Increase the maximum number of instances in the MIG and verify that this resolves the issue. Check the incident documentation or labels to determine the on-call contact. Appoint an incident commander, and open a chat channel or conference call for emergency response. Investigate and resolve the root cause of the issue. Write a blameless post-mortem and identify steps to prevent the issue, to ensure a culture of continuous improvement.
D. Verify that the high CPU is not user impacting, increase the maximum number of instances in the MIG, and verify that this resolves the issue.

A

Feedback:
A. Incorrect. Google Cloud Observability will close an incident if the alerting condition is no longer being met.
B. Incorrect. This answer is more appropriate for a critical incident. This response doesn’t consider the severity of the issue and the impact on the developer and response team. Managing a service should not require a “heroic effort.” Take basic mitigation steps, such as increasing the number of instances, and the developer can fix the issue on Monday. Google Cloud Observability will close an incident if the alerting condition is no longer being met.
C. Incorrect. This answer is more appropriate for a critical incident. This response doesn’t consider the severity of the issue and the impact on the developer and response team. Managing a service should not require a “heroic effort.” Take basic mitigation steps such as increasing the number of instances, and the developer can fix the issue on Monday.
D. Correct! This appropriately responds to the issue by increasing the number of instances and doesn’t require a “heroic effort” by having the developer or response team resolve the issue in the middle of the night.

Summary:
Google Cloud Observability was designed in the context of Google’s understanding of
how an incident should be responded to. To use Cloud Monitoring or any other tool
that includes monitoring and alerting, you should consider how you would respond to
an actual alert. It could be by formally appointing someone to be the incident
commander and going through the steps of identification, coordination, resolution, and
closure for a critical issue. You could also respond by patching the issue until it is
more formally dealt with during business hours, thus creating a better work culture.
You should investigate both the capabilities of Google Cloud Observability and the
processes and values outlined in Google’s Site Reliability Engineering (SRE) books.

29
Q

Question: How are Customer-Supplied Encryption Keys (CSEK) used to encrypt and decrypt files in Cloud Storage?

A

Customer-Supplied Encryption Keys (CSEK) (04:56-08:25)

Answer: A CSEK is generated, and the boto configuration file is modified to include the key. Files are uploaded to the bucket using the CSEK. The lab also shows how to set up decryption keys, create new encryption keys, and rewrite files with new keys.
Content: This part of the lab focuses on generating CSEKs, configuring the boto file, and encrypting/decrypting files.

30
Q

Question: How is Lifecycle Management used to automate object management in Cloud Storage?

A

Lifecycle Management (13:03-13:58)

Answer: A lifecycle policy is created in JSON format to automatically delete objects older than 31 days. The policy is applied to the bucket, and verification is done.
Content: This section explains how to create and apply a lifecycle policy to a bucket.

31
Q

Question: How is a directory synchronized with a Cloud Storage bucket?

A

Directory Synchronization (19:18-20:09)

Answer: A directory is created and then synchronized with the Cloud Storage bucket. Verification of the synchronization is done through the console.
Content: This section shows how to synchronize a directory with a bucket.

32
Q

Question: How is cross-project resource sharing implemented using service accounts and IAM?

A

Cross-Project Resource Sharing (20:12-27:41)

Answer: A new Google Cloud project is used to create a second bucket. A service account is created in the second project with Storage Object Viewer permissions, and a JSON key is downloaded. A Compute Engine VM is created in the first project. The VM is used to attempt to access the second project’s bucket, which fails due to insufficient permissions. The service account key is uploaded to the VM and used to authorize access. The service account is given Storage Object Admin permissions, and the lab is completed.
Content: This section demonstrates how to create a service account in one project and use it to grant access to a bucket in another project.

33
Q

What about how to choose Cloud SQL?

34
Q

Question: What is the primary reason for choosing Cloud SQL over self-managed SQL on Compute Engine?

A

Introduction to Cloud SQL (00:03-00:29)

Content: “Let’s dive into the structured or relational database services. First up is Cloud SQL. Why would you use a Google Cloud service for SQL, when you can install a SQL Server application image on a VM using Compute Engine? The question really is, should you build your own database solution or use a managed service? There are benefits to using a managed service, so let’s learn about why you’d use Cloud SQL as a managed service inside of Google Cloud.”

Answer: The primary reason is to leverage a managed service, which reduces operational overhead.

35
Q

Question: What are the key features and capabilities of Cloud SQL?

A

Cloud SQL Features and Capabilities (00:29-01:49)

Content: “Cloud SQL is a fully managed service of either MySQL, PostgreSQL, or Microsoft SQL Server databases. This means that patches and updates are automatically applied, … but you still have to administer MySQL users with the native authentication tools that come with these databases. Cloud SQL supports many clients, such as Cloud Shell, App Engine and Google Workspace scripts. It also supports other applications and tools that you might be used to like SQL Workbench, Toad and other external applications using standard MySQL drivers. Cloud SQL delivers high performance and scalability with up to 64 TB of storage capacity, 60,000 IOPS, and 624 GB of RAM per instance. You can easily scale up to 96 processor cores and scale out with read replicas. Currently, you can use Cloud SQL with either MySQL 5.6, 5.7, or 8.0, PostgreSQL 9.6, 10, 11, 12, 13, 14, or 15, or either of the Web, Express, Standard or Enterprise SQL Server 2017 or 2019 editions.”

Answer:
Fully managed MySQL, PostgreSQL, and SQL Server.
Automatic patching and updates.
Support for various clients and tools.
High performance and scalability.
Support for multiple database versions and editions.

36
Q

Question: What are Cloud SQL’s high availability, backup, and scalability features?

A

High Availability, Backups, and Scalability (02:02-02:55)

Content: “Let’s focus on some other services provided by Cloud SQL: In HA configuration, within a regional instance, the configuration is made up of a primary instance and a standby instance. Through synchronous replication to each zone’s persistent disk, all writes made to the primary instance are replicated to disks in both zones before a transaction is reported as committed. In the event of an instance or zone failure, the persistent disk is attached to the standby instance, and it becomes the new primary instance. Users are then rerouted to the new primary. This process is called a failover. Cloud SQL also provides automated and on-demand backups with point-in-time recovery. You can import and export databases using mysqldump, or import and export CSV files. Cloud SQL can also scale up, which does require a machine restart, or scale out using read replicas. That being said, if you are concerned about horizontal scalability, you’ll want to consider Cloud Spanner, which we’ll cover later in this module.”

Answer:
High availability with primary and standby instances.
Synchronous replication and automatic failover.
Automated and on-demand backups with point-in-time recovery.
Import and export capabilities.
Scale up and scale out with read replicas.

37
Q

Question: What are the recommended connection types for Cloud SQL, and what are their security implications?

A

Connection Types and Security (02:55-04:18)

Content: “Choosing a connection type to your Cloud SQL instance will affect how secure, performant, and automated it will be. If you’re connecting an application that is hosted within the same Google Cloud project as your Cloud SQL instance, and it is collocated in the same region, choosing the Private IP connection will provide you with the most performant and secure connection using private connectivity. In other words, traffic is never exposed to the public internet. Note that connecting to the Cloud SQL Private IP address from VMs in the same region is only a performance-based recommendation and not a requirement. If the application is hosted in another region or project, or if you are trying to connect to your Cloud SQL instance from outside of Google Cloud, you have 3 options. In this case, I recommend using the Cloud SQL Auth Proxy, which handles authentication, encryption, and key rotation for you. If you need manual control over the SSL connection, you can generate and periodically rotate the certificates yourself. Otherwise, you can use an unencrypted connection by authorizing a specific IP address to connect to your SQL server over its external IP address. You will explore these options in an upcoming lab. [https://cloud.google.com/sql/docs/mysql/private-ip].”

Answer:
Private IP (recommended for applications within the same region and project).
Cloud SQL Auth Proxy (recommended for connections from other regions, projects, or outside Google Cloud).
SSL certificates (manual control).
Authorized IP addresses (unencrypted, less secure).

38
Q

Question: How do you choose between Memorystore, BigQuery, Cloud Spanner, and Cloud SQL for relational data?

A

Content: “To summarize, let’s explore this decision tree to help you find the right data storage service with full relational capability. Memorystore provides a fully-managed in-memory data store service for workloads requiring microsecond response times, or that have large spikes in traffic, as seen in gaming environments and real-time analytics. If you don’t need an in-memory data store, but your use case is relational data used primarily for analytics, these workloads are best supported by BigQuery. However, if your relational data workload isn’t analytics, the choice lies between Cloud Spanner and Cloud SQL. If you don’t need horizontal scaling or a globally available system, Cloud SQL is the right choice.”

Answer:
Memorystore: In-memory data store for microsecond response times.
BigQuery: Relational data for analytics.
Cloud Spanner: Horizontally scalable, globally distributed relational data.